Cyber Anti-Sec 2024
31 December 2024
No Comments
Welcome to the ‘Cyber Anti-Sec’ security report covering the year 2024, in which the most relevant data, trends and data breaches will be analysed.
Welcome to the ‘Cyber Anti-Sec’ security report covering the year 2024, in which the most relevant data, trends and data breaches will be analysed.
AIAD is the Federation, member of Confindustria, representing Italian Aerospace, Defence and Security Companies.
The company INPS Servizi S.p.A. was the subject of a data breach by the LYNX collective, with data exfiltration and interruption of services. Let’s find out more.
NIS 2 is bringing a number of compliance activities by private companies and public administrations, sometimes not very consistent with the regulations. Let us try to make some reflections on
The Equalize case is filling the front pages of the national press and is spreading like wildfire. On social media, it is being talked about in a very technical way,
The newsletter of the Garante per la Protezione dei Dati Personali (Italian Data Protection Authority) publicises as news measure No. 572 of 4 July 2024 concerning the data breach suffered
On 17 October, Italy will transpose the NIS 2 Directive(CELEX EU 2022/2555), and the expectation surrounding this directive raises a doubt: will the directive have any real usefulness or have
The idea that hackers only target the most industrially powerful countries is wrong; certainly the United States, China, Europe, are constantly at the centre of cyber attacks, but there are
A lot of information is circulating these hours about the arrest of the founder of the messaging service Telegram: Pavel Durov. Not all this information is correct, let’s try to
On 26 July 2024, the Agency for National Cybersecurity (ACN) published the ‘Guide to Reporting Incidents to CSIRT Italy’. It is a 56-page document that gathers some interesting information that
The Everest Group hit a notary firm and this data breach is likely to have truly dramatic connotations considering the type of target and the amount of data exfiltrated. Let
In Italy, there is a major problem in restoring health services following a computer incident, and it matters little whether the incident is caused by negligence or malicious intent. In
It is a term little known to the uninitiated, but dwell time is perhaps one of the most important elements to know for those working in cybersecurity.
Another data breach to the detriment of public health has hit the Lombardy region, this time it is the turn of ASST Rhodense, let’s try to understand what happened.
As many will know, in April the Synlab facility was attacked by the BlackBasta collective. Among the data exfiltrated, in addition to identity documents and internal information on the facility,
Apart from the legal obligations in the event of a data breach and thus the notification to be made to the Data Protection Authority, it is necessary to understand how
It has now been a few days since the Banca Sella data breach, and it is time to make a few remarks about what happened, outside of any controversy but
On the portal of the Garante per la Potezione dei Dati Personali (Italian Data Protection Authority), the measures against the Lazio Region, the company LazioCrea S.p.A. and ASL Roma 3
The GDPR has given clear rules for the correct handling of information, including through the adoption of specific organisational measures. There are some that are closely related to the technical
In the landscape of cyber risks, it is correct to make appropriate distinctions because risk classification and risk management is one of the most interesting topics to investigate. Among the
CSC control number 17 deals with‘Incident Management and Response‘ and is a very topical subject because, starting from the assumption that nobody is invulnerable to an IT incident, one of
Control 14 of CSCs is based on ‘Security Awareness and Competence Training’, an undoubtedly important but also surprising topic to find within documents of this type. Let us delve into
CSCs pay special attention to data recovery. Let us address this topic and analyse it in the light of current risks.
The journey through Critical Security Control, which began with the presentation, continues with one of the most interesting topics: defence against network threats.
Critical Security Controls are an essential resource for anyone wishing to approach cybersecurity at the enterprise level and are the basis of AgID Circular 2/2017. Few people are familiar with
What happened to Westpole S.p.A. Let’s try to summarise the events, but above all, let’s try to better understand who Westpole S.p.A. is.
On 10 October 2023, the NoEscape collective claimed an attack against the Order of Psychologists of Lombardy. The attack threatened to expose particular category data related to the Order’s activities.
In May 2023, there was a data breach that few noticed: the one against the data of Metronotte Piacenza, a private security company. On the surface, this attack was less
On 15 August 2023, the Medusa Group published a ransom note on its website demanding payment of $500,000 from Postel SpA for not publishing the data. At the time of
There have been so many attacks on the Italian public administration and there will continue to be more: the surprise effect should no longer exist and should give way to